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Disclosure to Promote the Right To Information 

Whereas the Parliament of India has set out to provide a practical regime of right to 
information for citizens to secure access to information under the control of public authorities, 
in order to promote transparency and accountability in the working of every public authority, 
and whereas the attached publication of the Bureau of Indian Standards is of particular interest 
to the public, particularly disadvantaged communities and those engaged in the pursuit of 
education and knowledge, the attached public safety standard is made available to promote the 
timely dissemination of this information in an accurate manner to the public. 




Mazdoor Kisan Shakti Sangathan 
"The Right to Information, The Right to Live" 
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NATIONAL FOREWORD 

This Indian Standard (Part 1) which is identical with ISO 11442-1 : 1993 Technical product 
documentation — Handling of computer-based technical information: Part 1 Security requirements' 
issued by the International Organization for Standardization (ISO) was adopted by the Bureau of 
Indian Standards on the recommendation of Drawings Sectional Committee and approval of the Basic 
and Production Engineering Division Council. 

This standard (Part 1) covers security aspects involved in the handling of computer-aided design 
(CAD) information. These computer security is with regard to installation and operation; system 
security; document contents and communication. Other parts of this series are given as follows: 

IS 15024 (Part 2) : 2001 Technical product documentation — Handling of computer-based 

technical information: Part 2 Original documentation 

IS 15024 (Part 3) : 2001 Technical product documentation — Handling of computer-based 

technical information: Part 3 Phases in the product design process 

IS 15024 (Part 4) : 2001 Technical product documentation — Handling of computer-based 

technical information: Part 4 Document management and retrieval 
system 

The text of ISO Standard has been approved as suitable for publication as Indian Standard without 
deviations. In this adopted standard, certain terminology and conventions are not identical to those 
used in Indian Standards. Attention is particularly drawn to the following: 

a) Wherever the words International Standard' appear, referring to this standard, they should be 
read as Indian Standard'. 

b) Comma (,) has been used as a decimal marker while in Indian Standards the current practice 
is to use a full point (.) as the decimal marker. 

In this adopted standard, reference appears to certain International Standards for which Indian 
Standards also exist. The corresponding Indian Standards which are to be substituted in their place 
are listed below along with their degree of equivalence for the editions indicated : 

International Corresponding Indian Standard Degree of 

Standard Equivalence 

IS0 10209-1 : 1992 IS 8930 (Parti) : 1995 Technical product Identical 

documentation — Vocabulary: Part 1 Terms 
relating to technical drawings: General and types of 
drawings (first revision) 

ISO/TR 10623 : 1991 IS 15025 : 2001 Technical product documentation do 

— Requirements for computer-aided design and 
draughting — Vocabulary 
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Indian Standard 



TECHNICAL PRODUCT DOCUMENTATION 
HANDLING OF COMPUTER-BASED 
TECHNICAL INFORMATION 



PART 1 SECURITY REQUIREMENTS 



1 Scope 

This part of ISO 11442 covers security aspects in- 
volved in the handling of computer-aided design 
(CAD) information. Such computer security is divided 
into four areas: 

a) security with regard to installation and operation; 

b) system security; 

c) security with regard to document contents; 

d) security with regard to communication. 

Areas a) and b) apply to computerization in any form, 
irrespective of the subject area, and are therefore not 
dealt with in detail in this part of ISO 1 1442, with the 
exception of backup copying, to which special atten- 
tion should be paid in computer-aided design tech- 
niques. 

The use of this part of ISO 1 1442 is intended to facil- 
itate: 

— communication with quality assurance functions 
within the company and outside; 

— consideration of the different security aspects in 
the design work; 

— purchase of appropriate systems and services. 



2 Normative references 

The following standards contain provisions which, 
through reference in this text, constitute provisions 
of this part of ISO 1 1442. At the time of publication, 



the editions indicated were valid. All standards are 
subject to revision, and parties to agreements based 
on this part of ISO 11442 are encouraged to investi- 
gate the possibility of applying the most recent edi- 
tions of the standards indicated below. Members of 
IEC and ISO maintain registers of currently valid 
International Standards. 

ISO 10209-1:1992, Technical product documentation 

— Vocabulary — Part 1: Terms relating to technical 
drawings: general and types of drawings. 

ISO/TR 10623:1991, Technical product documentation 

— Requirements for computer-aided design and 
draughting — Vocabulary, 

3 Definitions 

For the purposes of this part of ISO 11442, the defi- 
nitions given in ISO 10209-1 apply. Further termin- 
ology is given in ISO/TR 10623. 

4 Structural relationship of computer 
security 

The structural relationship of the various security sys- 
tems is presented schematically in figure 1. 

5 Security with regard to installation 
and operation 

NOTE 1 For access authorization, see 7.1. 

5.1 Installation 

Installation of computer equipment shall follow the 
specifications of the supplier. 
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5.1.1 Electricity supply 

In addition to correct voltage and power, the quality 
of the electricity supply (protection against brief 
power cuts and transients) shall be considered. This 
applies to ordinary power as well as backup power 
supplies. 

5.1.2 Ventilation 

Adequate ventilation is required to remove heat gen- 
erated by the computer. 

5.1.3 Cooling 

Extensive computer equipment may require separate 

cooling facilities. 

5.1.4 Magnetism 

Magnetic tapes, disks and other magnetic media shall 
be protected against magnetic fields. 

5.1.5 Electrostatic environment 

The equipment shall be protected against static elec- 
tricity caused by, for example, synthetic floor cover- 
ings. 

5.1.6 Trespassing 

The location of computers in work areas may require 
reconsideration of access regulation, to reduce the 
risk of unauthorized access. 

5.2 Operation 

5.2.1 Service and maintenance 

Service contracts are recommended to limit computer 

downtime. 

5.2.2 Stand-by equipment 

To eliminate, as far as possible, long computer 
downtimes in connection with serious equipment 
faults, access to suitable stand-by equipment should 
be guaranteed, 

5.2.3 Backup copy 

Original backup copying shall be carried out in ac- 
cordance- with established and documented routines. 
This ensures that entered data are not lost by, e.g., 
faults in the electrical system, computer malfunction 
or operator error. The routine shall specify personal 
responsibility, time schedule, storage medium and 
storage place, etc. Temperature and humidity control 
is necessary for some storage media. 

Original backup copying is recommended at the end 
of each day for transactions carried out during the day. 



Once a week as a minimum the entire database con- 
cerned should be backup-copied. The original backup 
copy is physically stored in a location different from 
that of the original document. 

6 System security 

6.1 Security of operation systems 

6.2 Security of application systems 

The computer program actually used should be regu- 
larly checked against the version that was intended to 
be used. 

7 Security of document contents 

7.1 Authorization 

Rules shall be laid down concerning authorization to 
create/design, read/copy, check/approve, revise and 
phase out document contents. 

These rules shall be documented with regard to, 
among other things, quality assurance. 

The use of user identification (user ID) and passwords 
(or card of authorization, etc.) permits access to: 

— various computer-aided activities; 

— data for a product range or part of a product range; 

— different document types (e.g. item list assembly 
drawing). 

Passwords and user IDs should not be shared. Pass- 
words should be kept secret and changed regularly; 
old passwords should not be re-used. 

Table 1 gives an example of a distribution of authoriz- 
ation levels. 

Each authorized person has a unique user ID and 
password. The degree of authorization for the user ID 
shall be approved by the manager of the function area 
involved and shall be administered by the person in 
charge of the system. The user ID and password 
should not have any connection to name, employ- 
ment number, social security number, birth date or 
any other related information. Passwords may include 
non-alphabetic as well as alphabetic characters. 

For further information concerning routines for the 
different computer-aided activities, see ISO 11442-3. 

7.2 Copyright 

Because not all countries have established legislation 
forbidding unauthorized copying or use, each docu- 
ment should be provided with a clause prohibiting 

this. 
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The clause should be affixed on any document re- 
corded on a physical support. A label containing this 
clause should be physically taped on the storage me- 
dium. The same clause should appear at the begin- 
ning and end of the data file when transmitted on a 
communication medium. 

This procedure is adequate in most countries. To ob- 
tain protection in many other countries, a copyright 
marking is required. This marking consists of "c 
Company name 19XX" (where 19XX is the year in 
which the contents of the document were made 
available). 

In cases where the symbol o cannot be used, it shall 
be replaced by the word "COPYRIGHT" 

When important changes are made in the contents 
of the document the original year shall be retained 



and shall be indicated as shown above. At the same 
time, the year of the revision can be given. This is not 
mandatory, but the copyright protection time is 
thereby extended. 

8 Communication security 

8.1 Transfer protocol checking 

Check the rules according to which the data is being 
transferred from one application package to another. 
Data shall be in defined form (input/output). 

8.2 Data transfer protection 

The data which are being transferred shall be pro- 
tected. Output data shall be in defined form. 
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Authorization in the design process 
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Bureau of Indian Standards 

BIS is a statutory institution established under the Bureau of Indian Standards Act, 1986 to promote 
harmonious development of the activities of standardization, marking and quality certification of goods 
and attending to connected matters in the country. 

Copyright 

BIS has the copyright of all its publications. No part of these publications may be reproduced in any 
form without the prior permission in writing of BIS. This does not preclude the free use, in the course 
of implementing the standard, of necessary details, such as symbols and sizes, type or grade 
designations. Enquiries relating to copyright be addressed to the Director (Publications), BIS. 

Review of Indian Standards 

Amendments are issued to standards as the need arises on the basis of comments. Standards are 
also reviewed periodically; a standard along with amendments is reaffirmed when such review indi- 
cates that no changes are needed; if the review indicates that changes are needed, it is taken up for 
revision. Users of Indian Standards should ascertain that they are in possession of the latest amend- 
ments or edition by referring to the latest issue of 'BIS Catalogue' and Standards: Monthly Additions'. 

This Indian Standard has been developed from Doc : No. BP 24 ( 0148 ). 
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